On April 13, 2015, the Office of the National Coordinator for Health Information Privacy (“ONC”) released version 2.0 of the Guide to Privacy and Security of Electronic Health Information (“Guide”). The Guide is designed to help small and medium sized businesses understand and comply with privacy and data security requirements under the Health Insurance Portability and Accountability Act (“HIPAA”). The Guide addresses obligations under the HIPAA Privacy Rule, notices of privacy practices, the HIPAA Security Rule, meaningful use, security management, breach notification, and enforcement. The newly revised Guide clarifies when someone is a business associate, discusses permitted uses of health information, and lays out steps for implementing a security management process. The Guide also provides questions that providers can use in assessing potential vendors’ security practices and tips for using Certified Electronic Health Record Technology (“CEHRT”) for HIPAA-compliant electronic communications with patients.